A recurring problem in computer systems is the distribution of licensed digital content files, such as programs and data files, and the subsequent control of the licensed use of such digital content files, and this problem has become significantly more severe with the advent of the networked purchase and distribution of licensed digital content files through, for example, the Internet.
The prior art has attempted a number of solutions to this problem. For example, in one system of the prior art a licensed program is bundled with a file manager program that interacts with the target system operating system to monitor file calls to the licensed program. A part of the licensed program is encrypted to reversibly disable a part of the program and the file manager program permits access to only the unencrypted parts of the program until a user presents a product key that is distributed separately from the program distributor. The product key is based, in part, on the user system hardware configuration and, when presented to the file manager, permanently decrypts and unlocks the licensed program for full access by the user. This system, however, distributes licensed programs on computer media and the protection mechanism operates on a media basis, that is, it protects all programs on a medium rather than protecting the programs individually. In addition, the system uses a file management program that must interact with the user operating system to monitor user system file input/output calls to restrict access to a licensed program, and must separately provide a product key to fully access the program. The system also requires the use of import and export modules to transfer a licensed program and product key information from one system to another, thereby limiting the means by which a program and license may be distributed. A further problem is that the system utilizes a file based encryption scheme that uses built-in data, relating only to a product code, to determine whether to remove the encryption protection, and provides only on/off encryption protection for a licensed program wherein the protection, once removed by the use of a product key, cannot be restored. Also, the license may not be transferred from one user or system to another.
In another system of the prior art, access to a licensed program is dependent upon a key that combines identifications of an enterprise system comprised of a plurality of computer systems, a computer system within the enterprise system, and an identifier of the licensed program that is tied to the enterprise system, wherein the identifiers are typically system serial numbers. Use of a licensed program is controlled by a license manager resident in the enterprise system that accepts the keys and grants access to licensed programs to the computer system of the enterprise system computers based upon keys identifying the computers as members of the enterprise system. The license manager is activated by operation of an enterprise enabler program that, in turn, requires a key specific to the enterprise system. This system, however, requires the user to be a member of an enterprise system, thereby severely limiting the applicability of the system, and is dependent upon license checking functions that are independent of and separate from the licensed program, and thus have no effective functional relationship to the licensed program, and provides only a fixed, static form of license.
Yet another system of the prior art distributes licensed programs in locked “containers” and requires the issuance of an authentication certificate and a decryption key that are used by the user to access the licensed program. The system is thereby based upon the use of an authentication certificate transmitted from a license clearing house to a user system, and that thereby has no functional relationship to the licensed program. Another disadvantage of this system is that the only trusted entity in the distribution chain to the user is the license clearing house, so that no other entity in a distribution chain is capable of affecting the authentication of a user, thereby severely limiting the means by which the programs may be distributed. In addition, the system provides only a single, yes/no level of authentication and the program is protected only until an authentication certificate is used to unlock the encryption protection, whereupon the program thereafter is unprotected.
Still another system of the prior art provides a software license management system for software packages containing a plurality of components, each of which is a software product such as an application program. A license server creates a license database from a package license description that includes software product licenses and will grant a license to a software product to a user system upon a request from a user that meets the constraints of the package license description, which are primarily limitations on the number of licenses that may be granted. Each grant of a software product license results in the creation of a license record in the database wherein each license record includes an exclusive suite license to the software package that includes the requested software product, so that licenses are effectively granted to the software packages rather than to the individual components of the software packages. Again, this system protects a package of products, rather than the products themselves, and requires a license server that is separate from the user systems to receive license requests and to issue licenses and to enforce the license restrictions, which further requires that all license records reside in the license server. In addition, the licenses are static, that is, cannot be subsequently modified, and once a license is granted a program is fully accessible to the user system, even given significant changes to the user system or user.
Yet another system of the prior art provides a software license management system for programs wherein a license server maintains a database of licenses created from a license document provided from a license issuer. Each licensed program makes a call to the license server upon program start-up and the license server checks whether use of the program is permitted under the licenses stored in the license database, using such parameters as node, login domain, user name, product name, operating system, operating domain and type of processor. The license server will issue a grant for use of the program, if such use is permitted, and will allow a user on one node of the system to execute a program residing on another node of the system by means of a “calling card” identification of the user whereby the user obtains permission to make a procedure call to use the program on the other node of the system.
Another system of the prior art provides a software/license metering system that is based upon the use of a system monitor implemented in hardware and software to monitor and track the usage of one or more software products and certain user system parameters. Yet another provides a license management system for use in the nodes of a network wherein authorization to use a program is based upon licenses stored in the nodes of the network and the use of programs is controlled by limiting the number of valid licenses on the network. A related system of the prior art provides a software management system wherein a plurality of different types of licenses are available to a user on a local node at the time the user requests a license. The management system may select among a local node-locked license, a floating license or a remote node-locked license, wherein in the latter case the user is connected to the remote node, or may place the user request in a request queue if no license is currently available. Yet another system provides for the per-use decryption of confidential data files and the subsequent elimination of the decrypted data by scorching or selective re-encryption. The decision whether to re-encrypt a given decrypted file is based upon file or application program exclusion lists, file open and close requests, identification of confidential files by directory, tracking of the number of application programs using a file, and identification of non-modified text.
It is apparent, therefore, that the systems of the prior art suffer from a number of disadvantages. For example, the systems of the prior art generally rely upon mechanisms that are separate and independent from a licensed program, rather than a means that is related to the program itself, thereby providing only limited protection and being readily vulnerable to various methods for bypassing such forms of protection. In addition, the systems of the prior art are essentially static, that is, they do not allow a license to be subsequently modified at need, and frequently provide only one-time protection. Also, the systems of the prior art severely limit the types of systems in which the programs and licensing enforcement mechanisms may be employed, and the means by which the licensed programs and licenses may be distributed.
The present invention provides a solution to these and other problems of the prior art.